Secure DEVOPS

Integrate automated security checks, compliance operations, and threat modeling directly into your CI/CD pipelines. Build robust and secure software delivery systems.


Secure DEVOPS Curriculum

  • What is DevSecOps: Principles, Benefits & Breaking Down Silos
  • Shifting Security Left: Integrating Controls from Day One
  • The DevSecOps Toolchain: SAST, DAST, SCA, IaC Scanning & SOAR
  • DevSecOps vs Traditional Security: Speed, Automation & Shared Responsibility
  • Measuring DevSecOps Success: MTTR, Vulnerability Escape Rate & Lead Time
  • Setting Up a DevSecOps Lab: Git, Jenkins/GitLab CI & Docker
  • Project: Configuring a DevSecOps Pipeline Skeleton with Security Stage Gates
  • Threat Modeling Methodologies: STRIDE, PASTA & DREAD Comparison
  • Data Flow Diagrams (DFDs): Mapping Trust Boundaries & Attack Surfaces
  • Automating Threat Models with OWASP Threat Dragon
  • Translating Threats into Security User Stories & Acceptance Criteria
  • Abuse Cases & Misuse Cases: Thinking Like an Attacker
  • Architecture Risk Analysis: Identifying Weak Points in System Design
  • Continuous Threat Modeling: Updating with Every Sprint
  • Project: Creating a Threat Model for a Microservices E-commerce Application
  • Pre-commit Hooks: Automatic Secret Scanning with TruffleHog & Gitleaks
  • Static Analysis (SAST): Integrating SonarQube into Developer Workflows
  • Snyk for Open Source Vulnerability Detection in Dependencies
  • Security Linting: Bandit (Python), ESLint-plugin-security (JS) & Semgrep
  • IDE Security Plugins: Real-time Feedback in VS Code & IntelliJ
  • Secure Code Review Checklists: OWASP Secure Coding Guidelines
  • Common Vulnerability Patterns: Injection, Broken Auth & Sensitive Data Exposure
  • Project: Setting Up Pre-commit Hooks with Secret Scanning & SAST for a Node.js App
  • Designing Secure Pipelines in Jenkins, GitLab CI/CD & Azure Pipelines
  • Software Composition Analysis (SCA): Scanning Open Source Dependencies
  • DAST Automation: Running OWASP ZAP Scans in CI/CD
  • Interactive Application Security Testing (IAST) with Contrast Security
  • Vulnerability Aggregation & Tracking with DefectDojo
  • Security Quality Gates: Breaking Builds on Critical Vulnerabilities
  • Managing Security Findings: Triage, False Positive Handling & SLA Tracking
  • Project: Building a Complete CI/CD Pipeline with SAST, SCA & DAST Stages
  • Scanning Terraform for Misconfigurations with Checkov & tfsec
  • CloudFormation & Bicep Security Analysis with cfn-nag
  • Policy as Code: Writing OPA (Open Policy Agent) Rego Policies
  • Immutable Infrastructure: Building Hardened Images with Packer
  • Secret Management: HashiCorp Vault, AWS Secrets Manager & Azure Key Vault
  • Cloud Security Posture Management (CSPM) with Prowler & ScoutSuite
  • Automated Compliance Checks for CIS Benchmarks in Cloud
  • Project: Securing a Terraform-provisioned AWS Infrastructure with Policy as Code
  • Hardening Docker Images: Multi-stage Builds, Distroless & Non-root Containers
  • Container Image Scanning with Trivy, Grype & Snyk Container
  • Docker Bench Security: Automated CIS Docker Benchmark Checks
  • Kubernetes Security: RBAC, Network Policies & Pod Security Standards
  • Admission Controllers: OPA Gatekeeper & Kyverno for Policy Enforcement
  • Service Mesh Security: mTLS with Istio & Linkerd
  • Runtime Security Monitoring with Falco & Sysdig
  • Project: Deploying a Secure Kubernetes Cluster with Network Policies & Image Scanning
  • Automating Compliance: Mapping Controls to GDPR, HIPAA & SOC 2
  • Infrastructure Drift Detection: Identifying Unauthorized Changes
  • Security Observability: Centralized Logging with ELK Stack & Splunk
  • SIEM Integration: Correlating Security Events & Automated Alerting
  • Chaos Security Engineering: Testing Resilience with Gremlin & Litmus
  • Automated Evidence Collection for Audit Readiness
  • Compliance Dashboards: Real-time Visibility into Security Posture
  • Project: Building a Compliance Dashboard with Automated Evidence Collection
  • Blue-Green & Canary Deployments with Security Validation
  • Feature Flags for Safe Rollouts: LaunchDarkly & Unleash
  • Post-deployment Security Smoke Tests & Health Checks
  • GitOps Security: Declarative Deployments with Flux & ArgoCD
  • Security Orchestration (SOAR): Automating Incident Response Runbooks
  • Post-mortem Analysis: Blameless Reviews & Continuous Improvement
  • Building a Security Champions Program for Development Teams
  • Project: Implementing a Canary Deployment with Automated Security Validation & Rollback